LulzSec Hacks UK Government, Begins Operation Anti-Security

This site may earn affiliate commissions from the links on this page. Terms of use.

Just one day after announcing that its new primary target would be governments, banks, and white hat security firms, LulzSec has apparently managed to breach the British government and download the United Kingdom Census 2011 data. The Census, which is performed every 10 years by all 60 million of the UK’s residents, contains the personal details, religious beliefs, incomes, and education levels of every person in England, Scotland, Wales, and Northern Ireland.

Writing on Pastebin, LulzSec damns the British government’s security: “We have blissfully obtained records of every single citizen who gave their records to the security-illiterate UK government for the 2011 census.” But, in an effort to show that someone at LulzSec has some semblance of a soul, it continues: “We’re keeping them under lock and key though… so don’t worry about your privacy (…until we finish re-formatting them for release). Myself and the rest of my Lulz shipmates will then embark upon a trip to ThePirateBay with our beautiful records for your viewing pleasure!” Presumably LulzSec means to remove personally identifiable information from the dataset — but who knows.

This act, which is the first of LulzSec’s new “Operation Anti-Security” or #AntiSec, is designed to humiliate big, world- and internet-controlling institutions — or “freedom-snatching moderators” as LulzSec calls them. Operation AntiSec will proceed to break into as many governments and banks as possible, to both expose the weak security mechanisms employed by these sovereign powers and to hopefully unearth any “corrupt booty.” Ostensibly, LulzSec wants to highlight the stupidity of entrusting such institutions with all of our data — and likewise, if they can’t secure their own networks, why should they be tasked with controlling and censoring the internet?

The end-game scenarios of this operation, this war, are unclear. Any hacked governments will almost certainly use LulzSec’s activities as the basis for tougher internet-oriented legislation and further reductions of our freedom on the web — the exact opposite of the utopian vision that LulzSec espouses. LulzSec is surely hoping that governments will back down and roll over — but for that to happen, LulzSec will have to do a lot more than release the UK’s census data. LulzSec has proven that it has the guts and the skills to hack just about anything, though — so now it’s just a question of who or what they will hack next.

Tagged In

You do realize that they aren’t stopping either, if this where a hostage situation, someone would meet their needs… not ignore them..

Ian Baugh

You do realize that they aren’t stopping either, if this where a hostage situation, someone would meet their needs… not ignore them..

Anonymous

A Key facet of Immaturity is the inability to SEE the future consequences of your acts.
A Key Factor of Criminality is the inability to CARE about the future consequences of your acts.

The picture of a TOTALLY secure future is like a neighborhood where every window is a slit, covered with welded steel bars, where every front door is composed of two heavy steel doors, each with two locks each, fronted by a a iron/steel cage. The walls are not bricks, but cinderblock. There are no parks or open areas, because open areas are where you can be assaulted and robbed– thus no gardens, no public spaces. And where everyone walks in fear.

It’s called a Prison.

This is what the childish bratpack called Lulzsec is aiming for in the Future of the Internet.

http://profiles.google.com/alien8752 Mark Fergerson

You’ve completely missed the meta-point.

Wherever you live, you have “privacy rights” but your government reserves the privilege of abridging those rights at their “need”, which they also get to define, sometimes on the fly. In other words they can require of and enforce full transparency on us. Sometimes they can fake it, e. g. “If you’ve done nothing wrong you have nothing to hide”.

Governments also claim privacy but deny us the privilege of abridging it except at “need” they also get to define, sometimes on the fly. In other words they refuse to practice full transparency.

Governments often justify this asymmetry by claiming that full transparency will jeopardize National Security.

Since your government ostensibly is responsible for your security, your “need” to know what it’s up to is subordinate to its “need” to know what you’re doing.

Are you happy with that arrangement?

If so, consider that LulzSec has demonstrated that at least some Governments are not competent to ensure at least some parts of their citizens’ security.

Are you still happy?

Anonymous

Meta-point? And that means what? Nothing substantive.

When people start mis-communicating in Buzz-speak, it generally means they want to confuse and cow their audience into acceptance without understanding of true motives. The rest of your buzzspeak hearkens to Mr Assanges twisted view of the Universe– which is even more incomprehensible.

Gov’ts are made up of people, Bureaucracies and Politics. The ability to vote, an educated citizenry and the imperfect process of laws hopefully lead us to greater prosperity. Yet it’s messy, ’tis true.

Breaking open secrets and strewing them in the street for everyone to see and take only leads to people backing away and becoming MORE secretive. Imperfect Security isn’t so bad in the long run. Perfect Security, on the other hand, is an sign of serious despotic control that can NOT be oh-so-safely sneered at from the safety of your parent’s bedroom computer.

And still, Who Appointed Lulsec, Assange and Anonymous and their ilk to be Executor? And what Happens if LulzSec begins to show an ugly side that doesn’t care about Ordinary People? How do we know LulZsec isn’t comprised of true Criminal elements? Or will you say that we’re just supposed to lay down and accept what They post as truth?

Sound like Despotism, to me. . .

http://profiles.google.com/alien8752 Mark Fergerson

“Meta-” ~= take a step back and recognize that the thing you’re focusing on is part of a bigger picture.

Your “twisted view of the universe” appears to be that citizens must trust their governments. I disagree *precisely* because governance, as you say, is a messy business.

Specifically, I don’t think governments ought to be allowed to hide their messes from their citizens. Those messes usually turn out to be due to the actions of one or more people who should be brought to the same standard of justice citizens are subject to, but rarely are.

LulzSec’s (meta-) point is that your security is *your* business. Protect your own computer with the best tools available just as you protect your home and person.

Your antivirus, browser, and firewall are roughly equivalent to your home security, car, and door lock(s). The computer I’m using belongs to a 58 year old American male. Me.

I use Firefox, Zone Alarm, and Clamwin- and a few other things I won’t announce.

Notice that every commercial and social networking site that’s been hacked repeat recommendations they’ve *already made* to their users to improve their security. For instance, don’t use obvious passwords, don’t use the same password for different sites where you do business, simple stuff that takes just a little effort. Then, they announce they’re “beefing up” their security, in other words doing what they should have in the first place. Good advice.

Perfect security isn’t the point. There’s no such thing in the computer age, but really there has never been at any time in the past and never will be. Locks exist to slow thieves down, not stop them.

Who appointed LulzSec? They don’t consider themselves subordinate to anyone. They are, by definition, criminals, but remember who makes the definition; those with secrets to keep.

Bottom line; if you don’t want to be hacked, don’t be sloppy in your online security efforts. You don’t have to equal their specialized talents and skills, just don’t be lazy. “True” criminal hackers exist outside LulzSec, you know.

Anonymous

The problem with your world view, like that of my interns and other young Geeks, is a fundamental hatred of the fact that ordinary people who don’t fully understand what the Web or the Browser is, have access to the Data-Verse.

Unfortunately, PC’s and the Internet and Connectivity has become not just an Appliance and a Service for EVERYONE, in many cases, it’s MANDATED. We’re at the point where you can’t engage a service without an Internet Acct. So we have Grandmas with Bank Accts, who will now need Internet access to pay her bills.

And by your worldview, if she wakes up and finds herself penniless because of something she took for granted. . .well tough sh!t, eh? The Old biddy deserved it anyways. Who told her to touch a computer when she doesn’t even know the different between a Program and a Browser?

At that point, LulzSec will be in no position or even CARE about helping her or other people who are the victims of ID theft, or Bank accts that were drained overnight. The only place they can go to for help is the “Gov’t”, the very entity you sneer at. Would you like to see LulzSec totally incapacitate Gov’t or the Banks, so they can DO NOTHING?

In your world view, thugs can smash your front door down, throw your stuff in the street and yet NOT STEAL anything, so long as they leave you a message informing you that had you been SMARTER and bought a Better Lock, you wouldn’t have this problem. Even better if you had hired a PRIVATE SECURITY GUARD And that would be okay.

But I’ll bet you would be hitting 9-1-1 so fast you’d nearly break your phone. And guess what– That’s the Gov’t.

And further, you be having a fit, if the Cops showed up, shrugged their shoulders, told you to drive down to the precinct and make a complaint– and that you should have bought better locks on the market.

And if they did THAT, you would make a bee-line straight to your nearest elected official to scream. . .but guess what: that’s the Gov’t, too.

http://profiles.google.com/alien8752 Mark Fergerson

“The problem with your world view, like that of my interns and other
young Geeks,

(cute! Is your assessment of others’ maturity proportional to their agreement with your opinions?)

is a fundamental hatred of the fact
that ordinary people
who don’t fully understand what the Web or the Browser is, have access
to the Data-Verse.”

Exactly wrong. As far as I’m concerned, so-called “AOLamers” and “gmail Lusers” are as welcome as Grandma and everyone else on the internet. I use gmail myself. I’m certainly no script-kitteh.

Earlier you mentioned the civic duty of maintaining awareness of issues and candidates; do you regularly vote for hardline law and order candidates? I used to live in this guy’s bailiwick:

His jail has a very low recidivism rate, but Maricopa county is no police state.

You seem to think that the internet equivalent of being an educated
citizen is equaling LulzSec’s level of technical expertise. That’s
silly; you don’t have to gear up like a SWAT team member to walk city
streets. Sheriff Joe’s take on that:

Do we not have the civic duty of educating ourselves on the internet and its hazards?

Grandma can be ripped of in the real world by scammers and should have recourse. People also spread word of such scams so Grandma can avoid being ripped off in the first place; that’s the beauty of internet social networking.

“In your world view, thugs can smash your front door down, throw your
stuff in the street and yet NOT STEAL anything, so long as they leave
you a message informing you that had you been SMARTER and bought a
Better Lock, you wouldn’t have this problem. Even better if you had
hired a PRIVATE SECURITY GUARD And that would be okay.”

I know you can’t cite me saying what LulzSec is doing is OK so I won’t ask you to. You seem to have mistaken me for a Bomb Throwing Anarchist.

I’ll remind you once again that THEY claim they’re demonstrating that governments, corporations, and other large internet presences are INCOMPETENT to protect their users’ data.

Well, darnit, they do seem to have shown that to be true regardless of any other, sinister intent they may have and regardless of whether they’re ever prosecuted.

This seems to terrify you. Good, it ought to; it terrifies ME. It means others with indisputable bad intent can do it too. But I’m not panicking or railing about LulzSec forcing us to manifest Big Brother, I’m in the process of calmly and deliberately rechecking my own security. You?

Anonymous

I am secure as someone knowledgeable in my field can be– But I have no control over the Banks and the Gov’t ramping up Log-in Security to the point where the average user let’s say–

Is No longer able to use One Password.
Must Use at least THREE NON-Dictionary Authentications
Must Answer AT least TWO Security Questions
Must do so using only ONE Authorized Web-Browser
Must do so ONLY from ONE Authorized PC

Failure at any stage will result in automatic Lock Down of the Account which can only be unlocked via Telephone conversation (During Regular Business Hours) or face to face meeting with a Bank manager at your local Branch or Local Govt Office. Oh, and the attendant ATM card is remotely de-activated for good measure.

This is not an impossible scenario from the Banks’ POV.

When Banks go paranoid– it doesn’t matter how educated the Average Users may be. They won’t Ask Us. They will just implement.

And yes– Grannie can, in theory find such info on the web. But if she doesn’t trust what she sees on the web? From her POV, Who are YOU? And how does she know YOU are not setting her up?

Yes– it’s sounds silly on it’s face. . .until you talk to someone who’s over 70. Yes– some are canny and mentally spry. Others are not. They WERE born in a different age, you know.

As for my perception of you: ‘AOLamers, gmail Lusers’ That line right there ‘implies’ to me that my assessment is not far off the mark. You Typed the Words. I did not supply them.

For myself– Instead of sneering at one user, a Nurse for using AOL in NYC, I ASKED her why she did: her honest answer– “I feel safer in the AOL system– plus, I understand it. It has what I want all in one place.”

My Geek programmer just launched into a snarky tirade of AOL that included the words F**K. Then I asked him what was his MOTHER’s HOME PAGE at home–

Quiet Answer: AOL.

And while I can accept your statement that YOU are not an Anarchist– LulzSec does find Vulnerabilities, but doesn’t act like a White Hat Vulnerability Firm and inform the targetted organizations. They do indeed, like thugs just bust down the door and throw everything into the street. That’s not Thoughtful Vulnerability Proof Assessment. That’s Anarchy.

And their latest Escapade with Ariz Law enforcement records is not about making the Web a Better DataVerse. They want to see what they set fire to. And for people such as yourself– it’s Rah-Rah-Rah, until ‘THEY’ or someone CLAIMING to be THEM hit a Website where YOU do business. What if next year at Tax Time, LulzSec decides to smash the IRS Tax site, invalidating all attempts to submit electronically. Entirely possible– Not all LulZsec-er’s even live in the US, and hatred of the IRS seems to be an easy itch to stroke for webside cred.

After all, in order for Electronic submission to work, I’m sure there are vulnerabilities there. So Why Not? Are you for LulzSec taking that on as a Target of opportunity as a ‘Public Service’ I’m quite sure that many an angry person has called the LulzSec line and dropped IRS.GOV as a target.

http://profiles.google.com/khimera2000 Jonathan Freeman

It would be sooo wrong for these guys to go into a bank, and say whipe out all the loan information:D just set it to fully paid… Ya that would be horrable….. :D that would get the banks atttention… or better yet sing them over to a corparation : )) it would be weard to find out your company needs to pay 50000000 hose payments teh next morning :)

Anonymous

All the UK police, judges, and law enforcement Details would be nice. Addresses telephone numbers, just so we could ring them up at home to say what a lousey job they do :D

This site may earn affiliate commissions from the links on this page. Terms of use.

ExtremeTech Newsletter

Subscribe Today to get the latest ExtremeTech news delivered right to your inbox.